Brian,

You hit the nail on the head.

PFS key group at site one was set to ‘Off’. Needed to be ‘2’.

Thank you everyone.

Mahalo,
Jeremy

On Jan 8, 2012, at 4:15 PM, Marc R. Meshurle Jr. wrote:

> PFS 2.0 has a new location for phase 2 setups. Make sure that you click the +
> sign and set up the phase 2 and make sure the check box is enabled.
>
> Marc R. Meshurle, Jr.
> Owner/Senior Engineer
> Kato Technology Solutions, Inc.
>
>
> -----Original Message-----
> From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
> On Behalf Of Brian Franklin
> Sent: Sunday, January 08, 2012 00:03
> To: pfSense support and discussion
> Subject: Re: [pfSense] Problem with IPsec VPN
>
> "pfs group mismatched: my:2 peer:0"
>
> Check your "PFS key group" settings in Phase 2. Make sure they match on both
> sides.
>
> Brian
> www.ntginc.net
>
> -----Original Message-----
> From: list-boun...@lists.pfsense.org
> [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeremy Bennett
> Sent: Saturday, January 07, 2012 2:57 AM
> To: list@lists.pfsense.org
> Subject: [pfSense] Problem with IPsec VPN
>
> I have a site to site IPsec VPN setup. This is probably the 3rd or 4th set of
> these that I've done, and all the other setups seem to work fine - I've
> double-checked the setup, and if it is a config error, I am overlooking it.
>
> PFSense 2.0 final on Alix hardware.
>
> Site 2 always reports that the ipsec is down. I can restart it from services,
> and it works for a few hours, but ultimately shuts down.
>
> This is the error:
>
> Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no proposal chosen [Check Phase 2 settings, algorithm].
> Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
> Jan 5 15:46:24 racoon: [Site1]: INFO: respond new phase 2 negotiation: 00.000.00.00 site2 address[500]<=>00.000.00.00 site1 address[500]
> Jan 5 15:46:24 racoon: ERROR: pfs group mismatched: my:2 peer:0
> Jan 5 15:46:24 racoon: ERROR: not matched
> Jan 5 15:46:24 racoon: ERROR: no suitable policy found.
>
> This error repeats continuously in the log of site 2.
>
> How do I start troubleshooting this?
>
> Thank you,
> Jeremy
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
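
Added example, not part of the thread or of pfSense: a small Python check that scans racoon log text for the "pfs group mismatched" error quoted above and reports which side has the PFS key group off. The function names are hypothetical, the sample log is constructed from the lines in the thread, and tagging a finding with the tunnel name assumes the mismatch line follows its "respond new phase 2 negotiation" line, as it does here.

```python
import re

# Constructed sample: the racoon lines quoted in the thread, one entry per line
# (addresses are the thread's own redacted placeholders).
SAMPLE_LOG = """\
Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no proposal chosen [Check Phase 2 settings, algorithm].
Jan 5 15:46:24 racoon: [Site1]: INFO: respond new phase 2 negotiation: 00.000.00.00 site2 address[500]<=>00.000.00.00 site1 address[500]
Jan 5 15:46:24 racoon: ERROR: pfs group mismatched: my:2 peer:0
Jan 5 15:46:24 racoon: ERROR: not matched
Jan 5 15:46:24 racoon: ERROR: no suitable policy found.
"""

# PFS key group numbers are Diffie-Hellman group ids; 0 means PFS is off.
DH_GROUPS = {0: "off", 1: "768-bit MODP", 2: "1024-bit MODP",
             5: "1536-bit MODP", 14: "2048-bit MODP"}

NEGOTIATION = re.compile(
    r"racoon: (?:\[(?P<tunnel>[^\]]+)\]: )?INFO: respond new phase 2 negotiation")
MISMATCH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) racoon: ERROR: "
    r"pfs group mismatched: my:(?P<my>\d+) peer:(?P<peer>\d+)")

def advise(my, peer):
    """Say which side to change; prefer enabling PFS over turning it off."""
    if peer == 0:
        return f"peer has PFS off; set its Phase 2 PFS key group to {my}"
    if my == 0:
        return f"local side has PFS off; set its Phase 2 PFS key group to {peer}"
    return f"both sides use PFS but differ ({my} vs {peer}); pick one group"

def find_pfs_mismatches(log_text):
    """Return one finding per 'pfs group mismatched' line, tagged with the
    tunnel name from the most recent phase 2 negotiation line, if any."""
    findings, tunnel = [], None
    for line in log_text.splitlines():
        neg = NEGOTIATION.search(line)
        if neg:
            tunnel = neg.group("tunnel")
            continue
        hit = MISMATCH.match(line)
        if hit:
            my, peer = int(hit.group("my")), int(hit.group("peer"))
            findings.append({"time": hit.group("ts"), "tunnel": tunnel,
                             "local": my, "peer": peer,
                             "local_desc": DH_GROUPS.get(my, f"group {my}"),
                             "peer_desc": DH_GROUPS.get(peer, f"group {peer}"),
                             "advice": advise(my, peer)})
    return findings
```

Calling `find_pfs_mismatches(SAMPLE_LOG)` yields a single finding for tunnel `Site1` with local group 2 and peer group 0, which matches the fix reported in the thread: the PFS key group at site one was ‘Off’ and needed to be ‘2’.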